I’ve been wrestling with the Firewall module a little bit over the past couple of months.
My first recommendation is to make sure that you have the local network in the Trusted zone. I’m not convinced that this feature is always working, but when it works, it does so well.
If the firewall is set up correctly, you also need to doublecheck the operation of the TFTP server files.
You should log in as root as “cd” to your /tftpboot directory and double-check that the files are all owned by Asterisk and that they are all chmodded to “666”. They don’t need to be executable (and should not be) to ‘666’ (universal read and write) should be enough.
There’s a setting on the tftpd file in the /etc/inetd.d (???) file/directory that turns on verbosity. Set that on (man tftpd should help) and look in your /var/log/messages file. This may give you additional hints on what is failing.